Month: July 2013

Apache-Tomcat VHost redirection

Posted on by

OK this isn’t rocket science however I thought it worth documenting since I will probably forget in 6 months to a year when asked to do this again.

The Situation: Tomcat running with an Apache front-end using AJP to pass all traffic through to Tomcat after authenticating against CAS.

The Problem: The tomcat application did not exist in the root context so traffic needed to be forwarded to DOMAIN/sub-dir using HTTPS to insure data is secure.  We were simply forwarding all HTTP traffic to HTTPS and forwarding any URL with DOMAIN/sub-dir in the path.  That meant anyone going to DOMAIN/ was not being redirected to the application.

Where we were:

#/etc/httpd/conf/httpd.conf

<VirtualHost *:80>
                Redirect / https://DOMAIN/SUB-DIR
#/etc/httpd/conf.d/ssl/conf

<Location /SUB-DIR>
       ProxyPass ajp://localhost:8009/SUB-DIR
       ProxyPassReverse  ajp://localhost:8009/SUB-DIR
</Location>

For a reason I don’t have the details for (a change on the tomcat application side) this stopped working.  Following CAS authentication the user was being returned to HTTPS://DOMAIN/SUB-DIRSUB-DIR which of course didn’t work.  Since the application was now configured as desired I needed to fix the rewrite/redirection issue.

Before I get to the solution.  For all previous cases we had a consulting firm working with us, they would simply put a redirection statement in tomcat root context. Not really a great idea but hey I don’t get paid the big bucks as a consultant so what do I know!

The Solution:

First to handle all HTTP traffic:

#/etc/httpd/conf/httpd.conf
<VirtualHost *:80>
                Redirect / https://jenkins.uits.uconn.edu/
</VirtualHost>

Now to handle the secure HTTPD traffic.  My first attempt (without thinking) was to do this:

#/etc/httpd/conf.d/ssl.conf

<Location />
       ProxyPass ajp://localhost:8009/SUB-DIR
       ProxyPassReverse  ajp://localhost:8009/SUB-DIR
</Location>

<Location /SUB-DIR>
       ProxyPass ajp://localhost:8009/SUB-DIR
       ProxyPassReverse  ajp://localhost:8009/SUB-DIR
</Location>

This of course did not work because Apache was never reaching the /SUB-DIR test!  So a quick cut and paste and I had this:

#/etc/httpd/conf.d/ssl.conf

<Location /SUB-DIR>
       ProxyPass ajp://localhost:8009/SUB-DIR
       ProxyPassReverse  ajp://localhost:8009/SUB-DIR
</Location>

<Location />
       ProxyPass ajp://localhost:8009/SUB-DIR
       ProxyPassReverse  ajp://localhost:8009/SUB-DIR
</Location>

This works.  It is clean and quick the way it is supposed to be.  To recap